Farah Chamseddine
Cyber Security Architect at Microsoft
Elsewhere in this edition Lena Smart—who has been the inaugural CISO of three major organisations—says she is much more interested in hiring people for cybersecurity roles who have an innate sense of curiosity and will explore cybersecurity issues, driven primarily by that curiosity, than in hiring those with university training.
It was just such a sense of curiosity that took Farah Chamseddine—now a cybersecurity architect at Microsoft—from software engineering into cybersecurity.
“I was working as a software engineer in the education sector, responsible for reviewing applications developed by third-party vendors against functional and non-functional specifications,” she says. “I became really interested in ensuring these applications were protected against malicious or accidental misuse, especially because these applications were used by students and teachers.
“I started enjoying the challenge of testing applications for vulnerabilities until they failed and then using these learnings to identify security requirements for future features and applications. I started reading books about securing web applications, joined a penetration testing course and worked with my manager to dedicate time for cybersecurity responsibilities.”
FROM SOFTWARE ENGINEERING TO STRATEGIC CONSULTING
With her new-found interest in cybersecurity Chamseddine moved from her technical role in software engineering to a strategic consulting role in governance, risk and compliance (GRC) and then to her current role in security architecture. She is very happy with her career choice.
“Cybersecurity is a vast field that offers different opportunities. This has allowed me to have a career where I could always develop my skills, experience different roles, and ensure it was the right choice for me. The broad spectrum of roles in the domain has validated that I made the right choice in my specialisation.
“The goal for me was always to continue developing my knowledge and skill set in the areas I am interested in. And this is what helped me to take on more senior roles and additional responsibilities.”
Chamseddine started out with a degree in computer science, which she says, “exposed me to the fundamentals of security across the software development lifecycle.” And, for anyone contemplating university study as the first step on a cybersecurity career journey, she says it is important to consider the wider context of how and where cybersecurity techniques are deployed.
CAREER ADVICE
“Cybersecurity is integrated into every component and layer of an application: from infrastructure and network to the application and data layer. So, my advice would be not to limit working and learning opportunities to focussing only on cybersecurity. Broaden your knowledge and, regardless of the subject, project or internship you are part of, think about the security aspects: how could these environments be compromised, and how could they be secured against attacks. … Be intentional in your career, have a growth mindset, and focus on your strengths.”
In her current role at Microsoft Chamseddine works closely with organisations to improve their cybersecurity posture and maturity. “While we work with stakeholders committed to cybersecurity, the challenge their teams face is the shortage in skills. This usually restricts their abilities to innovate as they try to focus on short-term security objectives,” she says.
For Chamseddine a typical day is “split between working with internal teams, completing training and admin tasks as well as meeting with customers to discuss and plan their security, privacy and compliance requirements.”
She adds: “I don’t rely on specific tools as I support customers in leveraging a number of cybersecurity, privacy and compliance products. In saying that, I have been working with many customers recently to uplift their multicloud security posture using Microsoft Defender for Cloud.
“I find working with government departments to secure services that we all use on a daily basis (e.g. transport and health) extremely rewarding. Also, working in a massive organisation like Microsoft helps me connect and learn from colleagues with different backgrounds, perspectives and areas they are passionate about.”
Chamseddine also keeps up with Microsoft’s technical announcements by reviewing the security blogs daily, uses LinkedIn to follow CISOs and thought leaders and uses her membership of the Australian Women in Security Network (AWSN) and the Australian Information Security Association (AISA) to network with peers in the industry, mentor and present about areas of interest, and attend presentations to learn more about other topics and experiences.
CERTIFICATIONS PLANNED
More formally, she is planning to gain the SC-100: Microsoft Cyber Security Architect certification and Certified in Risk and Information Systems Control (CRISC) qualifications to develop her technical and risk management skills.
Looking to future cybersecurity developments, Chamseddine expects the recent high-profile data breaches to significantly raise consumer awareness about the security of their personal data, forcing businesses to be very public about their data management and security practices.
“Organisations will be driven to consider cybersecurity as a business enabler. They will be committed to strengthening their cybersecurity defences and taking a more proactive approach to protecting critical assets in order to remain competitive and achieve their business strategies.”
She adds: “Another area that may develop in the coming years is the use of AI and machine learning to support security teams such as GRC and SecOps. This can help organisations leverage the scarce skills within their teams and reduce efforts spent on manual tasks.”
www.linkedin.com/in/farahchamseddine